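<?php
    /*
     * Login endpoint.
     *
     * Expects POST fields "username" and "password". When exactly one account
     * with the SERVICE_LOGIN or VOLLZUGRIFF right matches the credentials, the
     * account's id and username are stored in the session and the script ends
     * with an empty response. Every other request is answered with 403.
     *
     * NOTE(review): the query compares l.password with the submitted value, so
     * the column appears to hold plaintext passwords. Moving to password_hash()
     * / password_verify() needs a schema and data migration outside this file.
     */
    session_start();

    // "H" is the 24h hour and "i" the minutes. The previous format "HH-m-s"
    // printed the hour twice followed by the month, never the minutes.
    $logFile = "login_" . date("Y-m-d-H-i-s") . ".log";

    $classesPath = '.' . DIRECTORY_SEPARATOR . 'classes' . DIRECTORY_SEPARATOR;

    require_once $classesPath . 'Config.php';
    require_once $classesPath . 'DB_UTIL.php';
    require_once $classesPath . 'LogWriter.php';

    Config::ReadFile($classesPath . "Config.txt");
    LogWriter::LogToFile("Vor POST Abfrage", $logFile);

    // Require plain strings: a field sent as username[]=... arrives as an array
    // and must not reach the string concatenation below.
    if (isset($_POST["username"], $_POST["password"]) &&
        is_string($_POST["username"]) &&
        is_string($_POST["password"]))
    {
        $username = $_POST["username"];
        $password = $_POST["password"];

        // The password is deliberately not logged: a log file must never hold
        // credentials. Control characters are stripped from the user name so a
        // request cannot forge additional log lines.
        LogWriter::LogToFile("Post vorhanden" . PHP_EOL .
                             "username: " . preg_replace('/[\x00-\x1F\x7F]/', '', $username),
                             $logFile);

        $db = new DB_UTIL();

        // Both values are escaped before they are placed in the statement.
        // NOTE(review): assumes DB_UTIL's constructor has opened the mysql_*
        // connection that mysql_real_escape_string() uses by default - confirm.
        // Escaping is the stop-gap available with the API visible here; a
        // prepared statement (PDO or mysqli) inside DB_UTIL is the proper fix.
        //
        // The right check is written as IN (...) so that it applies together
        // with the credential check; the former "A OR B AND user AND pass"
        // matched every account holding SERVICE_LOGIN regardless of the
        // credentials. DISTINCT keeps an account that holds both rights from
        // producing two rows and failing the "exactly one row" test.
        $abfrage = "SELECT DISTINCT l.id, l.username
                    FROM leo l
                    JOIN leo_recht lr ON ( l.id = lr.leo_id )
                    JOIN recht r ON ( lr.recht_id = r.id )
                    WHERE r.text_id IN ( 'SERVICE_LOGIN', 'VOLLZUGRIFF' )
                    AND l.username = '" . mysql_real_escape_string($username) . "'
                    AND l.password = '" . mysql_real_escape_string($password) . "'";

        $ergebnis = $db->ExecSql($abfrage);

        // A failed query is treated as "no match" instead of being handed to
        // mysql_num_rows(), which expects a result resource.
        $anzahl = is_resource($ergebnis) ? mysql_num_rows($ergebnis) : 0;

        LogWriter::LogToFile($anzahl, $logFile);

        if ($anzahl === 1)
        {
            $row = mysql_fetch_object($ergebnis);

            // Issue a fresh session id at the privilege change so an id that
            // was known before the login cannot be reused afterwards.
            session_regenerate_id(true);

            $_SESSION["username"] = $row->username;
            $_SESSION["id"] = $row->id;

            $db = null;

            exit;
        }
    }

    // Reached for missing fields, malformed fields and failed logins alike, so
    // the response does not reveal which of the checks rejected the request.
    header('HTTP/1.0 403 Forbidden');
    die('You are not allowed to access this site.');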
